Only allow frame from neighbor switch

ycae · ‎01-08-2013

Hi,

We have a situation where a switch needs to sit in the office space and not in a rack. However, we would like to avoid that someone connects another device on that port.

So is it possible to resrict a port on a switch to only allow frames coming from a defined neighbor switch? So that on that specific port no host can be connected, only a switch?

Thanks for your input.

Regards,

Yves

Suresh Vinayagam Subramanian · ‎01-11-2013

Hi,

I Understand that your requirement is nobody should connect his PC or switch into the switch .

If this is right, then i could think of below features:

1.you could use BPDU guard feature to protect any switch connected to you switch . As switch Generately send BPDU to all connected ports. so BPDU guard feature will shutdown that port once it received the BPDU .

2. To Protect PC to be connected on your switch .

configure switchport port-security with violation shutdown option . so if the switch receive otherthan configured mac address than interface will got to error-disable state ans also send SNMP traps.

switchport port-security

switchport port-security mac-address 00:24:d7:16:bd:c5 ------> Non existing mac in your network

switchport port-security violation shutdown

note : Second option can protect both switch and PC .So i believe only port-security is enough

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

Thanks

VS